Zscaler + client side certificate ussues

Hello, i do have a website which works on 2 factor authentication i.e. client certificate which was issued to me by website along with username and password. When I enter my credentials on login page i am presented with chrome pop up which shows what certificate to select for the website. After selecting and pressing ok I am logged into the site.

After installaing zscaler I can enter my username / password but I don’t get the popup for certificate and website gives an error that client certificate is not found.

Any ideas are welcome plz.

Everything works fine when i turn off zapp agent.

Thanks

Sounds like you need to bypass ssl inspection for the domain in Zscaler portal or adjust your PAC file to send that domain direct bypassing the proxy. Could be certificate pinned.

1 Like

hi, thanks for the reply.

i have turned off ssl inspecton for the site but still get the same issue i.e. certificate pop up does not appear.

I would need to try pac bypass for the domain.

Hi, i tried to put the website in pac file but it still asks for certificate and fails with 403.

I was wondering if there is anything we can do as I dont want to disable zscaler for all these users.

Thanks

If you believe you’ve bypassed the 2FA website but it’s still not working, it sounds like there’s an issue with the bypass. Have you tried grabbing a HAR file to be sure you’re bypassing correct site(s)? You can run through HAR analyzer at har.mcnc.org.

1 Like

Hello, thanks for your replies.

yes it was issue with bypass. The site was using couple of other sites for restrictions.

Once, I checked the HAR file and whitelisted all these domains everything started working.

Thanks